AppHouseKitchen AlDente Charge Limiter XPC Service Improper Authorization Vulnerability
Vulnerability
A critical vulnerability has been identified in AppHouseKitchen AlDente Charge Limiter versions prior to 1.30 on macOS. The issue resides in the XPC service component, specifically within the 'shouldAcceptNewConnection' function of the 'com.apphousekitchen.aldente-pro.helper' file. The function performs improper authorization, which gives unauthorized clients access to privileged hardware operations through the application's Mach service. The flaw can be exploited locally, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows unauthorized users to connect to the XPC service and invoke sensitive methods that can manipulate hardware settings, manage power assertions, read confidential system information, and potentially cause permanent damage to the device.
Reproduction
The vulnerability can be reproduced by creating a custom XPC client that connects to the 'com.apphousekitchen.aldente-pro.helper' Mach service. The connection can be established without any verification, allowing the client to invoke exposed methods, such as 'getVersionWithReply', which demonstrates the lack of authorization checks. This proof-of-concept exploitation confirms that the vulnerability is exploitable and can be used to access other sensitive methods that could harm the hardware.
Remediation
Users are advised to upgrade to AppHouseKitchen AlDente Charge Limiter version 1.30.
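For developers of privileged helpers, the kind of check a 'shouldAcceptNewConnection' delegate is expected to make looks like the following. This is an added example, not AlDente's code or the change shipped in version 1.30. The protocol name, Mach service name, bundle identifier and Team ID are placeholders, and it assumes the macOS 13 SDK or later.

```objc
#import <Foundation/Foundation.h>

// Hypothetical protocol: only getVersionWithReply is named in the advisory.
@protocol HelperProtocol
- (void)getVersionWithReply:(void (^)(NSString *version))reply;
@end

@interface HelperDelegate : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end

@implementation HelperDelegate

- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)connection {
    // Placeholder requirement: the vendor's own bundle identifier and Team ID go here.
    NSString *requirement =
        @"anchor apple generic and identifier \"com.example.app\" "
        @"and certificate leaf[subject.OU] = \"TEAMID1234\"";

    if (@available(macOS 13.0, *)) {
        // The system checks incoming messages against the requirement and
        // invalidates the connection when the peer does not satisfy it.
        [connection setCodeSigningRequirement:requirement];
    } else {
        // Fail closed where the API is missing instead of accepting every client.
        return NO;
    }

    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}

- (void)getVersionWithReply:(void (^)(NSString *version))reply {
    reply(@"1.0-example"); // constructed value
}

@end

int main(void) {
    @autoreleasepool {
        HelperDelegate *delegate = [HelperDelegate new];
        NSXPCListener *listener = [[NSXPCListener alloc]
            initWithMachServiceName:@"com.example.helper"]; // placeholder name
        listener.delegate = delegate;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```

A delegate that returns YES without a check of this kind accepts any local process that can look up the Mach service, which is the condition the advisory describes.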
